Description

A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel.

Remediation

References

CVE-2019-7853

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2006-1517)

WordPress Plugin Participants Database SQL Injection (1.9.5.5)

Jenkins Improper Input Validation Vulnerability (CVE-2016-0792)

WordPress Plugin Bangla Sidebar Login Cross-Site Scripting (1.0)

WordPress Plugin WP Maintenance Mode Remote Code Execution (2.0.6)

Severity

Medium

Classification

CVE-2019-7853 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities